If you run a website, manage infrastructure, or work in DevOps — there's a good chance you have at least one forgotten subdomain pointing at a service you no longer use. It's not negligence. It's just how the web works. Teams spin up services constantly — staging environments, marketing landing pages, support portals, documentation sites — and when those services get shut down, DNS records are rarely the first thing anyone thinks about. The problem is that a forgotten DNS record isn't just clutter. It can be a serious security vulnerability. What's the risk? When a subdomain points to an external service via a CNAME record, and that service is no longer configured, an attacker can register the unclaimed service and take control of your subdomain. This is called a subdomain takeover .…